ENISA Report: Ten Smart Grid Security Recommendations

Tuesday, July 10, 2012

The EU Agency ENISA has launched a new report on how to make smart grids and their roll out a success, in particular by making sure that IT security aspects are properly taken into account from the beginning.

A smart grid is an upgraded electricity network with two-way digital communication between supplier and consumer.

The adoption of smart grids will dramatically change the distribution and control of energy for solar panels, small wind turbines, electric vehicles, etc.

By making energy distribution more efficient, smart grids give clear benefits to users, electricity suppliers, grid operators, and society as a whole. At the same time, their dependency on computer networks and the Internet makes our society more vulnerable to cyber-attacks, with potentially devastating results.

Therefore, to prepare for a successful roll-out of smart grids, this study proposes 10 security recommendations for the public and private sector out of almost 100 findings.

Some key report recommendations include:

The European Commission (EC) and the competent authorities of the Member States (MS) need to provide a clear regulatory and policy framework on smart grid cyber security at the national and EU level, as this presently is missing.

The EC, in collaboration with ENISA, the MS, and the private sector, should develop a minimum set of security measures based on existing standards and guidelines.

Both the EC and the MS authorities should promote security certification schemes for the entire value chain of smart grid components, including organisational security.

The MS authorities should involve Computer Emergency Response Teams to play an advisory role in power grids’ cyber security.

The Executive Director of ENISA, Professor Udo Helmbrecht, commented: “Our study shows that the two ‘separate worlds’ of the energy sector versus the IT security sector must be aligned on security for smart grids. We estimate that without taking cyber security into serious consideration, smart grids may evolve in an uncoordinated manner. I would therefore suggest that smart grids’ security be made part of the EU’s forthcoming Internet Security Strategy.”

Cyber security aspects of smart grids

Smart grids give rise to new information security challenges for electricity networks. Information systems’ vulnerabilities may be exploited for financial or political motivation in cyber-attacks to shut off power plants.

Software and hardware for the smart grid infrastructure are thus high-risk targets. Therefore, reducing barriers to information sharing is vital for the success of smart grids.

This study makes 10 recommendations to the public and private sector involved in the definition and implementation of smart grids. These recommendations intend to provide useful and practical advice aimed at improving current initiatives, enhancing co-operation, raising awareness, developing new measures and good practices, and reducing barriers to information sharing.